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Abstract. We address the verification problem of ordered multi-pushdown automata: 
A multi-stack extension of pushdown automata that comes with a constraint on stack 
transitions such that a pop can only be performed on the first non-empty stack. First, we 
show that the emptiness problem for ordered multi-pushdown automata is in 2ETIME. 
Then, we prove that, for an ordered multi-pushdown automata, the set of all predecessors 
of a regular set of configurations is an effectively constructible regular set. We exploit 
this result to solve the global model-checking which consists in computing the set of all 
configurations of an ordered multi-pushdown automaton that satisfy a given w-regular 
property (expressible in linear-time temporal logics or the linear-time /i-calculus) . As 
an immediate consequence, we obtain an 2ETIME upper bound for the model-checking 
problem of w-regular properties for ordered multi-pushdown automata (matching its lower- 
bound). 



Automated verification of multi-threaded programs is an important and a highly challenging 
problem. In fact, even when such programs manipulate data ranging over finite domains, 
their control structure can be complex due to the handling of (recursive) procedure calls in 
the presence of concurrency and synchronization between threads. 

In the last few years, a lot of effort has been devoted to the verification problem for 
model s of concurrent programs (see, e.g ., [BMOT051 |T MP07j IKah09l IABT081 ITMP081 
IAT091 IHLMS101 ILRM IGMM101 |EQRllj IBEPlll lENll] ) where each thread corresponds 
to a sequential program with (recursive) procedure calls. In fact, it is well admitted that 
pushdown automata are adequate models for such kind of threads [E K99} IRSJ03] . and 
therefore, it is natural to model recursive concurrent programs as multi-stack automata. 

In general, multi-stack automata are Turing powerful and hence come along with un- 
decidability of basic decision problems [RamOO . A lot of efforts have been nevertheless 
devoted recently to the development of precise analysis algorithms of specific formal models 
of some classes of programs [LS98l lEPTIUl IBT03| EVM[ I.TM07j . 

Context-bounding has been proposed in |QR05| as a suitable technique for the analysis 
of multi-stack automata. The idea is to consider only runs of the automaton that can be 

1998 ACM Subject Classification: D.2.4, D.3.1, F.4.3, 1.2.2. 

Key words and phrases: Multi-pushdown Automata, Program Verification, LTL model-Checking. 
* A shorter version of this paper has been published in the Proceedings of CONCUR TO and FSTTCSTO. 



MOHAMED FAOUZI ATIG 



Introduction 




DOI:1 0.21 68/LMCS-8(3:20)201 2 



© Creative Commons 



© M. F. Atig 



2 



M. F. ATIG 



divided into a given number of contexts, where in each context pop and push transitions 
are exclusive to one stack. The state space which may be explored is still unbounded in 
presence of recursive procedure calls, but the context-bounded reachability problem is NP- 
complete even in this case. In fact, context-bounding provides a very useful tradeoff between 
computational complexity and verification coverage. 

In [TMP07] . La Torre et al. propose a more general definition of the notion of a context. 
For that, they define the class of bounded-phase visibly multi-stack pushdown automata 
(BVMPA) where only those runs are taken into consideration that can be split into a given 
number of phases, where each phase admits pop transitions of one particular stack only. In 
the above case, the emptiness problem is decidable in double exponential time by reducing 
it to the emptiness problem for tree automata. 

Another way to regain decidability is to impose some order on stack transitions. In 
[BCCC96], Breveglieri et al. define ordered multi-pushdown automata (OMPA), which im- 
pose a linear ordering on stacks. Stack transitions are constrained in such a way that a 
pop transition is reserved to the first non-empty stack. In [ABHQ8], the emptiness problem 
for OMPA is shown to be 2ETIME-complete. (Recall that 2ETIME is the class of all de- 
cision problems solvable by a deterministic Turing machine in time 2 2 for some constant 
d.) The proof of this result lies in an encoding of OMPA into some class of grammars for 
which the emptiness problem is decidable. Moreover, the class of ordered multi-pushdown 
automata with 2k stacks is shown to be strictly more expressive than bounded-phase visibly 
multi-stack pushdown automata with k phases [ABH08J. 

In this paper, we consider the problem of verifying ordered multi-pushdown automata 
with respect to a given ui-regular property (expressible in the linear-time temporal logics 
[Pnu77| or the linear-time //-calculus [Var88]). In particular, we are interested in solving the 
global model checking for ordered multi-pushdown automata which consists in computing 
the set of all configurations that satisfy a given w-regular property. The basic ingredient 
for achieving this goal is to define a procedure for computing the set of backward reachable 
configurations from a given set of configurations. Therefore, our first task is to find a finite 
symbolic representation of the possibly infinite state-space of an ordered multi-pushdown 
automaton. For that, we consider the class of recognizable sets of configurations defined 
using finite state automata |QR05j lATmM ISetlO] . 

We show that for an ordered multi-pushdown automaton A4 the set of all predecessors 
Pre*{C) of a recognizable set of configurations C is an effectively constructible recognizable 
set. For this, we introduce the class of effective generalized pushdown automata (EGPA) 
where transitions on stacks are (1) pop the top symbol of the stack, and (2) push a word in 
some effective language L over the stack alphabet. The language L is said to be effective if 
the problem consisting in checking whether L intersects a given regular language is decid- 
able. Observe that L can be any finite union of languages defined by a class of automata 
closed under intersection with regular languages and for which the emptiness problem is 
decidable (e.g., pushdown automata, Petri nets, lossy channel machines, etc). Then, we 
show that the automata-based saturation procedure for computing the set of predecessors 
in standard pushdown automata [BEM97) can be extended to prove that for EGPA too 
the set of all predecessors of a regular set of configurations is a regular set and effectively 
constructible. As an immediate consequence of this result, we obtain similar decidability 
results of the decision problems for EGPA like the ones obtained for pushdown automata. 

Then, we show that, given an OMPA A4 with n stacks, it is possible to construct an 
EGPA V, whose pushed languages are defined by OMPA with (n — 1) stacks, such that 
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the following invariant is preserved: The state and the stack content of V are respectively 
the same as the state and the content of the n th stack of A4 when its first (n — 1) stacks 
are empty. Let C be a recognizable set of configurations of A4, and Pre*{C) the set of 
predecessors of C. Then, we can apply the saturation procedure to V to show that the 
set of configurations C n , consisting of Pre*(C) restricted to the configurations in which 
the first (n — 1) empty stacks are empty, is recognizable and effectively constructible. To 
compute the intermediary configurations in Pre*{C) where the first (n — 1) stacks are not 
empty, we construct an ordered multi-pushdown automaton A4' with (n — 1) stacks that: 
(1) performs the same transitions on its stacks as the ones performed by A4 on its first 
(n — 1) stacks, and (2) simulates a push transition of A4 over its n th stack by a transition 
of the finite-state automaton accepting the recognizable set of configurations C n . Now, we 
can apply the induction hypothesis to M! and construct a finite-state automaton accepting 
the set of all predecessors Pre*(C). 

As an application of this result, we show that the set of configurations of an ordered 
multi-pushdown automaton satisfying a given u>-regular property is recognizable and effec- 
tively constructible. Our approach also allows us to obtain an 2ETIME upper bound for 
the model checking problem of u>-regular properties for ordered multi-pushdown automata 
(matching its lower-bound [ABH08J). 

Related works: As mentioned earlier, context-bounding has been introduced by Qadeer 
and Rehof in [Q R05| for detecting safety bugs in shared memory concurrent programs. Sev- 
eral extensions of context-bounding to other classes of programs and efficient procedures for 
context-bounded analysis have been proposed in [BESS051 |BFQ07l ILR081 |ABQ09j ITMPM 
LMP09, LMP10 . Other bounding concepts allowing for larger /incomparable coverage of 
the explored behaviors have been proposed in [TMP071 IGMM101 |EQRllj IBEP114 [LNlT] . 

In |SetlO| . A. Seth shows that the set of predecessors of a recognizable set of config- 
urations of a bounded-phase visibly multi-stack pushdown automaton is recognizable and 
effectively constructible. In fact, our results generalize the obtained result in [SetlOj since 
any bounded-phase visibly multi-stack pushdown automaton with k phases can be simulated 
by an ordered multi-pushdown automaton with 2k stacks [ABH08] . 

In this line of work, the focus has been on checking safety properties. In [MP 11] . 
P. Madhusudan and G. Parlato propose a unified and generalized technique to show the 
decidability of the emptiness problem for several restricted classes of concurrent pushdown 
automata (including ordered multi-pushdown automata). The proof is done by showing that 
the graphs of each such computations (seen as a multi-nested words) have a bounded tree- 
width. This result implies that model checking MSO properties (over finite-computations) 
for these systems is decidable for OMPA. In the conclusion of [MPllj . the authors claim 
that their approach can be used to show the decidability of the model checking of w-regular 
properties over infinite computations of OMPA but no proof was provided. Moreover, the 
authors does not address the global model-checking problem for OMPA neither establish 
its complexity as we do. 

To the best of our knowledge, this is the first work that addresses the global model 
checking for ordered multi-pushdown automata. In this paper, we extend [AtilOal lAtilObj 
by adding details and missing proofs. 
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1. Preliminaries 

In this section, we introduce some basic definitions and notations that will be used in the 
rest of the paper. 

Integers: Let N be the set of natural numbers. For every i,j e N such that i < j, we use 
(resp. [i,j[) to denote the set {k G N | i < k < j} (resp. {k G N | % < k < j}). 

Words and languages: Let £ be a finite alphabet. We denote by S* (resp. S + ) the set 
of all words (resp. non empty words) over S, and by e the empty word. A language is 
a (possibly infinite) set of words. We use E e and LangiT,) to denote respectively the set 
X U {e} and the set of all languages over S. Let u be a word over £. The length of u is 
denoted by |u|. For every j G [1, |u|], we use u(j) to denote the j th letter of u. We denote 
by u R the mirror of u. 

Transition systems: A transition system (TS for short) is a triplet T = (C, S, — >) where: 
(1) C is a (possibly infinite) set of configurations, (2) £ is a finite set of labels (or actions) 
such that C (~l £ = 0, and (3) — >C C x £ e x C is a transition relation. We write c-^tjd 
whenever c and d are two configurations and a is an action such that (c, a, d) G— K 

Given two configurations c, c' G C, a finite run p of T from c to c' is a finite sequence 
coaici • • • a n c n , for some n > 1, such that: (1) cq = c and c ra = c', and (2) q a ' +1 > 7~ q + i for 
all i G [0, n[. In this case, we say that p has length n and is labelled by the word aia 2 ■ ■ ■ a n . 

Let c, d G C and n G S*. We write c^^jd if one of the following two cases holds: (1) 

n 

n = 0, c = d , and u = e, and (2) there is a run p of length n from c to d labelled by u. We 
also write c=^>^-c' (resp. c=^>ic') to denote that c=^-j-d for some n > (resp. n > 0). 

n 

For every Ci, C 2 C C, let Tracesrid, C 2 ) = {n G S* | 3(d, c 2 ) G Ci x C 2 , ci =»f c 2 } 
be the set of sequences of actions generated by the runs of T from a configuration in C\ to 
a configuration in C 2 . 

For every C C C, let Pre r (C ,/ ) = {c G C | 3(c',a) G C" x S e , c c'} be the set of 
immediate predecessors of C. Let Pre^- be the reflexive-transitive closure of Pre-j-, and let 
Pre^j- = Pre-f o Pre^ where the operator o stands for the function composition. 

Finite state automata: A finite state automaton (FSA) is a tuple A = (Q,S,A,J, F) 
where: (1) Q is the finite non-empty set of states, (2) E is the finite input alphabet, (3) 
A C [Q x S e x Q) is the transition relation, (4) I C Q is the set of initial states, and 
(5) F C Q is the set of final states. We represent a transition (q,a,q') in A by q-^Al'- 
Moreover, if /' and F' are two subsets of Q, then we use A(I', F') to denote the finite state 
automaton defined by the tuple (Q, S, A, F'). 

The size of A is defined by |.4| = (|Q| + |S| + |A|). We use T{A) = (Q, S, A) to denote 
the transition system associated with A. The language accepted (or recognized) by A is 
given by L(A) = Traces T ^ A) (I ', F). 

2. Generalized pushdown automata 

In this section, we introduce the class of generalized pushdown automata where transitions 
on stacks are (f ) pop the top symbol of the stack, and (2) push a word in some (effectively) 
given set of words L over the stack alphabet. A transition t is of the form 5(p, 7, a,p') = L 
where L is a (possibly infinite) set of words. Being in a configuration (q, w) where q is 
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a state and uu is a stack content, t can be applied if both p = q and the content of the 
stack is of the form 711/ for some w' . Taking the transition and reading the input letter 
a (which may be the empty word), the automaton moves to the successor configuration 
(p',uw') where u G L (i.e., the new state is p', and 7 is replaced with a word u belonging 
to the language L). Formally, we have: 

Definition 2.1 (Generalized pushdown automata). A generalized pushdown automaton 
(GPA for short) is a tuple P = (P, E, T, 6,po, 70, F) where: (1) P is the finite non-empty set 
of states, (2) E is the input alphabet, (3) T is the stack alphabet, (4) 6 : PxrxS e xP-> 
Lang(T) is the transition function, (5) po G P is the initial state, (6) 70 G T is the initial 
stack symbol, and (7) F C P is the set of final states. 

Next, we define the effectiveness property for generalized pushdown automata. Intu- 
itively, the generalized pushdown automaton V is said to be effective if for any possible 
pushed language L by V (i.e., <5(p, 7, a,p') = L for some p,p' G Q, 7 G T, and a G E e ), 
the problem of checking the non-emptiness of the intersection of L and any given regular 
language (i.e. accepted by a finite-state automaton) is decidable. 

Definition 2.2 (Effectiveness Property). A GPA V = (P, E, T, <5,p , 7o, F) is effective if 
and only if for every finite state automaton A over the alphabet T, it is decidable whether 
L(A) n 6(p, j,a,p') / for all p,p' G P, 7 G T, and a G E e . 

A configuration of a GPA V = (P, E, T, 5,po, 70, F) is a pair (p, w) where p G P and 
i« G r*. The set of all configurations of V is denoted by Conf(V). Similarly to the 
case of pushdown automata [BEM97 , we use the class of P-automata as finite symbolic 
representation of a set of configurations of GPA. Formally, a P-automaton is a FSA A = 
(Qa, r, A,4, 14, Fjs) such that I a = P. We say that a configuration (p, w) of P is accepted 
(or recognized) by A if w G L(A({p} , F^)) ■ The set of all configurations recognized by A 
is denoted by L-p(A). A set of configurations of P is said to be recognizable if and only if 
it is accepted by some P-automaton. 



V = {{Po,Pi,P2,Pf}, {a, b, c}, {_L, 70, 71, 72}, S,Po, -L, {Pf}) 

6(p ,±,e,p 2 ) = {727i7o-L I » e N} ^fe,72, a,P2) = W 

£(P2,7lAPl) = W <KPl,7l)Ml) = W 

<5(Pi,7o,c,po) = {e} <5(po,7o,c,j>o) = {e} 

5(p0) -L, c,Pf) = {e} otherwise 



Table 1: A GPA V for {e} U {a^VV^V 2 ■ ■ ■ a ik b l "c k \ k > 1 and h,. . . ,i k > 0} 

The transition system T(P) associated with the generalized pushdown automaton P is 
defined by the tuple (Conf (P), E, — >■) where — > is the smallest transition relation such that: 
For every p,p' G P, 7 G T, and a G E e , if <5(p, 7, a,p') ^ 0, then (p^w) -^+t(P)(p' \ u w) for 
all u G 5(p, / y,a,p') and w G T*. Let L(P) = Traces f(v) ({(POi 7o)}> ^ x { e }) denote the 
language accepted by P. 

Observe that pushdown automata can be seen as a particular class of effective GPA 
where 5(p, 7, a,p') is a finite set of words for all (p,~/,a,p'). 

Table Q] shows an example of an effective generalized pushdown automaton where the 
pushed language {727J70-L I i G N} can be accepted by a Petri net (with reachability as 
acceptance condition). 
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2.1. Computing the set of predecessors for an GPA. In this section, we show that the 
set of predecessors of a recognizable set of configurations of an effective GPA is recognizable 
and effectively constructible. This is done by adapting the construction given in [BEM97, 
EHRSOOj ISch02| . On the other hand, it is easy to observe that the set of successors of a 
recognizable set of configurations of an effective GPA is not recognizable in general (see the 
example given in Table [1]). 

Theorem 2.3. For every effective generalized pushdown automaton V, and every V- 
automaton A, it is possible to construct a V -automaton recognizing Pre^-^(L-p(A)). 

The rest of this section is devoted to the proof of Theorem 12.31 For that, let 
V = (P, S, r, S,po, 7q, jP) be an effective generalized pushdown automata and A = 
(QAi r, A_4, J4, FX) be an V- automaton. Without loss of generality, we assume that A 
has no transition leading to an initial state. We compute Pre^^(L-p(A)) as the set of 
configurations recognized by an P-automaton A pre * = (Qa> I\ A pre * , I4, Fj£) obtained from 
A by means of a saturation procedure. Initially, we have Apre* = A. Then, the procedure 
adds new transitions to A pre *, but no new states. New transitions are added according to 
the following saturation rule: 

For every p,p' G P, 7 G T, and a G S e; if 5(p, 7, a,p') 7^ 0, then for every q G Qa 
such that 5(p,7,a,p') n L(A pre * ({p'}, {(?})) 0> a ^d the transition {p,j,q) to A pre * 



It is easy to see that the saturation procedure eventually reaches a fixed point because 
the number of possible new transitions is finite. Moreover, the saturation procedure is well 
defined since the emptiness problem of the language [S(p, 7, a, p') D L(A pre *({p'}, {</}))) is 
decidable (V is an effective GPA). Then, the relation between the set of configurations 
recognized by A pre * and the set Pre^-^(L-p(A)) is established by Lemma l2~4l (Observe 
that Theorem 12.31 follows from Lemma l2.4l ) 

Lemma 2.4. L v (A pre *) = Pre^-, v JL-p(A)). 

Lemma 12.41 is an immediate consequence of Lemma 12.51 and Lemma 12. 6t Lemma 
12.51 shows that Pre^j-^(L-p(A)) C L-p(A pre *) while Lemma [2.61 establishes Lp(A pre *) C 
Pre* nv) (L v (A)). 

Lemma 2.5. For every configuration (p',w r ) G L-p(A), if {p^w) =^^j-^ (p',w') for some 
t G S*, then (p,w) G L-p(A pre *)- 

Proof. Assume (p, w) ==>t(V) (p\ w> )- We proceed by induction on n. 

Basis, n = 0. Then, p = p' and w' = w. Since (p',w') G L-p{A) and Lp(A) C Lp(A pre *), 
we have (p, w) G L-p(A pre *). 

Step, n > 0. Then, there is a configuration (p",w") G Conf(V) such that: 

(p, w) -^ T (V) (P", w") =f T(P) (P', w ') 
for some a G S e and r' G S* such that r = ar'. 
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We apply the induction hypothesis to (p",w") T > t(V) ip' i w ')i an d we obtain: 

n— 1 

( P ",w")eL r (A pre *) 

Since (p, w) -^t(P) (p"> w ")i there are 7 G V and u, v G T* such that: 

u> = 7U, u/' = uv, and u G 5(p,~/, a,p") 

Let g be a state of -4. pre * such that: 

u G L(yVe* ({?>"}, {<?})) and u G L(^ pre *({g}, F4)). 

Such a state g exists since uv G L(^ pr . e * ({p"}, i^)). By the saturation rule, we have that 
(j), 7, q) is a transition of .4 pre * since u G L(„4 pre * ({p"}, {q})) H 7, a,p"). This implies 
that w = 7f G i(^4pre*({p},^») since (p,j,q) G A^ pre , and u G L(„4 pre » ({<?}, F4)). Hence, 
we have (p, u>) G Lp(,4 pr . e *). □ 

In the following, we establish that L-p{A pre *) C Pre^-^-j(Lp(^l)). This is an an imme- 
diate corollary of the following lemma: 

Lemma 2.6. If w £ L(A pre *({p}, {q})), then (p,w) ==>^-^ (p' ,w') for a configuration 
(p',w') and t G X* such that w' G L(Ao({p'}, {<?}))■ Moreover, if q is an initial state of 
Ap r e*, then we have p' = q and w' = e. 

Proof. Let A n = {Qa-> I\ Aj, 1^, Fj) be the "P-automaton obtained after adding n transi- 
tions to A. In particular, we have .Ao = A. Then, it is easy to see that L-p(A) = Lp(Ao) Q 
L v {Ai) C L V (A 2 ) C • • • C L v (A pre *)- 

Let n be an index such that w G L(A n (p, q)) holds. We shall prove the first part of 
Lemma 12.61 by induction on n. The second part follows immediately from the fact that 
initial states have no incoming transitions in Aq. 

Basis, n = 0. Since w G L(A n ({p}, {q})) holds, take w' = w and p' = p. 

Step, n > 0. Let t = {p" , 7, q') be the n-th transition added to A pre *. Let m be the number 

of times that t is used in P==>7-(_4 n ) q- 

The proof is by induction on m. If m = 0, then we have w G L(A n -i({p}, {q})), and 
the property (1) follows from the induction hypothesis (induction on n). So, assume that 
m > 0. Then there exist u and v such that w = wyv and 

u G L(A-i(M, {p"}))> V" -^T(A n ) <f, and « G L(A n ({q'}, {q})). 
The application of the induction hypothesis to u G L(A n -i({p} , {p"})) yields to that: 

(p, u) =^^j-^ (p", e) for some r G X*. 

Since the transition (p",7, (/) has been added by applying the saturation procedure, there 
exist p'", W2, and a G S e such that: 

^2 G 5(p" 5 7,a,p w ), and w 2 G L^A-l ({?/"}, {<?'}))• 
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From u>2 € L(A n -i({p'"}, {</})) and v € L(-4, n ({V}, {?})), we get that there is a computa- 
tion p = p'" 2 > y(A ) ^ sucn that the number of times transition t is used is strictly less 
than m. So, we can apply the induction hypothesis (induction on m) to p, and we obtain: 

t" 

(p , W2v) =^^-,pv (p ; , it) ) for a configuration (p', u; ) and r € S* s.t. w G L(^4o({p'} 5 {<?}))• 
Putting all previous equations together, we get w' € L(^4o({p'} ; {<?}))> an£ h 

t' a t" 

(p, w) = (p, U7w) =^ (7 ,) (p , 7«) — ^T(P) (P , ^2«) (P) (P ' 
This terminates the proof of Lemma 12.61 □ 



2.2. Emptiness problem and closure properties for GPA. In this section, we show 
that the emptiness problem is decidable for effective generalized pushdown automata. This 
is an immediate consequence of the fact that the set of predecessors of a recognizable set 
of configurations of an effective generalized pushdown automaton is also recognizable and 
effectively constructible. 

Theorem 2.7. The emptiness problem is decidable for effective generalized pushdown au- 
tomata. 

Proof. Let V = (P, S, T, 5,po, 70, F) be an effective generalized pushdown automaton. It 
is easy to see that L(V) 7^ if and only if (po,7o) £ Fre*j^(F x { £ })- By Theorem 12. 3} 
we can construct a P-automaton A pre * that recognizes exactly the set Pre^-^(F x {e}) 
since F x {e} is a recognizable set of configurations. Hence, the emptiness problem for V is 
decidable since checking whether (po,7o) is in L-p{Ap Te *) is decidable. □ 

Next, we show some closure properties for effective generalized pushdown automata. 

Theorem 2.8. The class of effective GPAs is closed under concatenation, union, Kleene 
star, projection, homomorphism, and intersection with a regular language. However, effec- 
tive GPAs are not closed under intersection. 

Proof. Showing the closure of the class of effective generalized pushdown automata under 
concatenation, union, Kleene star, projection, homomorphism, and intersection with a reg- 
ular language is similar to the case of pushdown automata. The only issue to prove is 
the closure under intersection. For that, let us assume by contradiction that the class of 
effective GPAs is closed under the intersection operation. Let V\ and Vi two pushdown 
automata. Since the class of pushdown automata is a particular class of effective general- 
ized pushdown automata and the class of effective generalized pushdown automata is closed 
under the intersection operation (from the contradiction's hypothesis), there is an effective 
generalized pushdown automaton V such that L(V) = L(Vi) H Li^P-i). Applying Theorem 
12.71 to V, we obtain the decidability of the emptiness problem of the intersection of two 
context-free languages, which is a contradiction. □ 
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3. Ordered multi-pushdown automata 

In this section, we first recall the definition of multi-pushdown automata. Then ordered 
multi-pushdown automata appear as a special case of multi-pushdown automata. 

3.1. Multi-pushdown automata. Multi-pushdown automata have one read-only left to 
right input tape and n > 1 read-write memory tapes (stacks) with a last-in-first-out rewrit- 
ing policy. A transition is of the form t = (q, 71, . . . , 7„) -^(g', cti, . . . , a n ). Being in a 
configuration (p, w\, . . . , w n ), which is composed of a state p and a stack content Wi for each 
stack i, t can be applied if both q = p and the i-th stack is of the form for some w\. 
Taking the transition and reading the input symbol a (which might be the empty word), 
the automaton moves to the successor configuration (g', aiw[, . . . , a n w' n ). 

Definition 3.1 (Multi-pushdown automata). A multi-pushdown automaton (MPA) is a 
tuple M = (n, Q, S, T, A, q , 70, F) where: 

• n > 1 is the number of stacks. 

• Q is the finite non-empty set of states. 

• £ is the finite set of input symbols. 

• r is the finite set of stack symbols containing the special stack symbol _L. 

• AC [Q x (r e ) n ) x £ e x [Q x (r*) n ) is the transition relation such that, for all 
((9,7i) • • • )7n),a, (q',cti, . . . ,a n )) G A and i G [l,n], we have: 

- < 2. 

- If 7i ^±, then ai G(r\{±})*. 

- If 7i = _L, then oli = a^_L for some ct i G (r e \ {_L}). 

• go £ Q is the initial state. 

• 70 G (r \ {_L}) is the initial stack symbol. 

• F <Z Q is the set of final states. 

The size of M, denoted by \M\, is defined by (n + |Q| + |S| + |T| + |A|). In the 
rest of this paper, we use (g, 71,. . . ,7„) -^m{q' 1 a i, • • • > a n) to denote that the transition 
((g, 71, . . . ,7 n ),a, (g',ai, . . . ,a n )) is in A. Moreover, we denote by M(q, 7, g') the multi- 
pushdown automaton defined by the tuple (n, Q, S, T, A, g, 7, {g'}). 

A stack content of M is an element of Stack(M) = (T \ {±})*{_L}. A configuration 
of M. is a (n + l)-tuple (q,wi, . . . ,w n ) with g G Q, and tfi, . . . ,w n G Stack (M). A config- 
uration (g, u;i, . . . , w n ) is final if g G F and w± = ■ ■ ■ = w n = _L. The set of configurations 
of is denoted by Conf(M). 

The behavior of M. is described by its corresponding transition system T(M) 
defined by the tuple (Conf(M), S, — >) where — )■ is the smallest transition rela- 
tion satisfying the following condition: if (g, 71, . . . , j n ) -^mWi a i, ■ ■ ■ , o^n), then 
(g,7iu>i, . . . ,7„ro n ) - 2 4> T (_ M )(g / , qi^i, . . . ,a n w n ) for all G T* such that 

7iiwi, . . . , "fnWn G Stack{A / i). Observe that the symbol _L marks the bottom of a stack. 
According to the transition relation, _L can never be popped. 

The language accepted (or recognized) by M. is defined by the set L(M) = {r G S* | 
(go, 70^, -L, . . . , -L) ==^n-(M) c ^ or some fi na l configuration c}. 
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3.2. Symbolic representation of MPA configurations. We show in this section 
how we can symbolically represent infinite sets of multi-pushdown automaton configu- 
rations using special kind of finite automata which were introduced in [SetlOj . Let 
Ai = (n, Q, S, T, A, qo, 70, F) be a multi-pushdown automaton. An .M-automaton for ac- 
cepting configurations of Ai is a finite state automaton A = {Qmi T> &m> Im> Fm) such 
that Im = Q- We say that a configuration (q, w\ , . . . , w n ) of Ai is accepted (or recog- 
nized) by A if and only if the word w = w±W2 • • • w n is in L(A({q} , Fm)) ■ (Notice that 
for every word w G L(A({q}, Fm)) there are unique words wi,...,w n G Stack (M) such 
that w = w\ ■ ■ ■ w n .) The set of all configurations recognized by A is denoted by Lm(A). 
A set of configurations of Ai is said to be recognizable if and only if it is accepted by 
some .M-automaton. Finally, it is easy to see that the class of M-automata is closed under 
all the boolean operations and that emptiness and membership problems are decidable in 
polynomial time. 

3.3. Ordered multi-pushdown automata. An ordered multi-pushdown automaton is a 
multi-pushdown automaton in which one can pop only from the first non-empty stack (i.e., 
all preceding stacks are equal to _L). 

Definition 3.2 (Ordered multi-pushdown automata). An ordered multi-pushdown au- 
tomaton (OMPA for short) is a multi-pushdown automaton (re, Q, S, T, A, qo, 70, F) where, 
for each transition (q, 71, . . . , 7 n ) -^m (</> a i> • • • > a n), there is an i G [L n ] such that 
7i = • • • = H-l = JL, 7» G r e; and 7; + i = • • • = 7™ = e. 

We introduce the following abbreviations: (1) For re > 1, we call an MPA/OMPA an 
re-MPA/n-OMPA, respectively, if its number of stacks is n, and (2) An MPA over S is an 
MPA with input alphabet E. 

In the following, we consider only ordered multi-pushdown automata in some normal 
form. This normal form is used only to simplify the presentation. (Observe that this form 
is slightly more general than the one considered in [ABH08J.) In such normal form, any 
transition, that pops a symbol from the i th stack with i G [2, n], is only allowed to push a 
symbol on the first stack. Furthermore, pushing symbols on the stacks from 1 to n is only 
allowed while popping a symbol from the first stack. 

Definition 3.3. An OMPA (n, Q, S, T, A, qo, 70, F) is in normal form if A contains only 
the following types of transitions: 

• (q, 7, e, . . . , e) -^m a i> • • • > Q n) for some q, q' G Q, 7 G T, a G S e , a% G T* and 
ay G (r e \ {-L}) for all j G [2, n]. This transition pops a symbol from the first stack while 
pushing at most two symbols on the first stack and at most one symbol on the stacks 
from 2 to n. 

• {q, J-, • • • , -i, 1, e, ■ ■ ■ , e) ~^M (<?', V-L, _L, . . . , ±, e, e, . . . , e) for some q,q' G Q, 7,7' G (r \ 
{±}) and a G S e . This transition pops the stack symbol 7 from one of the stacks from 2 
to n and pushes the stack symbol 7' on the first stack. 

We can show the equivalence (with respect to language acceptance) between the class of 
OMPA and OMPA in the normal form. 

Lemma 3.4. An n-OMPA A4 can be transformed into an n-OMPA Ad' in normal form 
with linear blowup in its size such that L{Ai) = L(Ai'). 
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Proof. An easy generalization of the proof for the Chomsky normal form for context-free 
grammars. □ 

In the rest of the paper, we assume that any OMPA is in the normal form. Next, we 
recall some properties of the class of languages recognized by n-OMPA. 

Lemma 3.5 ( [BCCC 96]). If M.% and M.2 are two n-OMPAs over an alphabet X, then it is 
possible to construct an n-OMPA Ai over X such that: (1) L{Ai) = L(Ai\) U L(Ai2) and 
\M\ = 0(\Mi\ + \M 2 \). 

Lemma 3.6 f [BCCC 96j). Let X be an alphabet. Given an n-OMPA Ai over X and a 
finite state automaton A over X, then it is possible to construct an n-OMPA At' such that: 
L(M') = L(M) n L(A) and \M'\ = 0(\M\ ■ \A\). 



4. The emptiness problem for a n-OMPA is in 2ETIME 

In this section, we show that the emptiness problem for ordered pushdown automata is 
in 2ETIME. (We provide here a simpler proof of the 2ETIME upper bound than the one 
given in [ABH08].) To this aim, we show that, given an OMPA Ai with n > 1 stacks, 
it is possible to construct an effective generalized pushdown automaton V, whose pushed 
languages are defined by OMPA with (n — 1) stacks of size 0(\ Ai\ 2 ), such that the following 
invariant is preserved: The state and the stack content of V are respectively the same as 
the state and the content of the n th stack of Ai when its first (n — 1) stacks are empty (and 
so, L(V) 7^ if and only if L(Ai) ^ 0). Let C be a recognizable set of configurations of A4, 
and Pre^-^ M ~j (C) the set of predecessors of C. Then, we can apply the saturation procedure 
to V to show that the set of configurations C n , consisting of Pre^-^ M -^(C) restricted to 
the configurations in which the first (n — 1) empty stacks are empty, is recognizable and 
effectively constructible. To compute the intermediary configurations in Pre^^(C) where 
the first (n — 1) stacks are not empty, we construct an ordered multi-pushdown automaton 
A4' with (n — 1) stacks that: (1) performs the same transitions on its stacks as the ones 
performed by A4 on its first (n — 1) stacks, and (2) simulates a push transition of A4 over 
its n th stack by a transition of the finite-state automaton accepting the recognizable set 
of configurations C n . Now, we can apply the induction hypothesis to M' and construct a 
finite-state automaton accepting the set of all predecessors Pre^^ M ^(C). 

Then, we prove, by induction on n, that the emptiness problem for the n-OMPA Ai is 
in 2ETIME with respect to the number of stacks. For that, we assume that the emptiness 
problem for (n — l)-OMPA can be solved in 2ETIME. This implies that the generalized 
pushdown automaton V (that simulates M.) is effective (see Definition 12.21 and Lemma 
13. 6p . Now, we can use Theorem 12.71 to prove the decidability of the emptiness problem of 
the effective generalized pushdown automaton V (and so, of the n-OMPA Ai). To show 
that the emptiness problem of V and A4 is in 2ETIME, we estimate the running time of 
our saturation procedure, given in section 12.14 under the assumption that the emptiness 
problem for (n - l)-OMPA can be solved in 2ETIME. 

Let us give in more details of the proof described above. 
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4.1. Simulation of an OMPA by an GPA. In the following, we prove that, given an 
OMPA A4, we can construct a GPA V , with transition languages defined by (n — l)-OMPAs 
of size 0(|A4| 2 ), such that the emptiness problem for A4 is reducible to the emptiness 
problem for V. (Recall that any OMPA is assumed to be in normal form.) 

Theorem 4.1. Given an OMPA A4 = (n, Q, £, T, A, qo, jq, F) with n > 1, it is possible to 
construct an GPA V = (P, T, 5,po, _L, {pj}) such that P = Q U {po,Pf}, £' = 0, and we 
have: 

• L(M) / if and only if L(V) + %, and 

• For every pi,p2 S P and 7 G T, there is an (n — l)-OMPA A4fp 1)7)P2 ) over T such that 

L (M(pi,7,p 2 )) = (^(Pi^^.^))^ and |A^(p 1)7)P2 )| = 0(|A4f). 

The remaining part of this subsection is devoted to the proof of Theorem 14. 11 Let us present 
the main steps of the construction of the generalized pushdown automaton V. For that, let 
us consider an accepting run p of M. This run can be seen as a sequence of runs of the 
form ?i<7i?20"2 • • • ? m <7m such that the pop transitions operations are exclusive to the first 
(n — l)-stacks (resp. the n th stack) of M. along the sequence of runs Si, S2, . . . , £ m (resp. 
<7i,o"2, . . . ,o m ). Observe that, by definition, the first (n — l)-stacks of M. are empty along 
the runs 01,02, ■ ■ ■ , o m . Moreover, at the beginning of the runs Si, S2, • • • , Sm> the OMPA 
Ad is in some configuration c where the first stack of A4 contains just one symbol and the 
stacks from 2 to n — 1 are empty (i.e., c of the form (q, 7_L, _L, . . . , _L, w)). Observe that 
this is an immediate consequence of the normal form that we have considered (since KA is 
only allowed to push just one symbol on the first stack while popping a symbol from the 
stacks from 2 to n). In the case that M. is not in the normal form, notice that the set of 
all possible contents of the first (n — l)-stacks, at the beginning of the runs si, S2, • • • , ?m, is 
still finite. Later, we will use this observation to show how we can adapt our construction 
to the general case (when M. is not in the normal form). 

Then, we construct V such that the following invariant is preserved during the simula- 
tion of A4: The state and the content of the stack of V are the same as the state and the 
content of the n th stack of M. when its first (n — l)-stacks are empty (and so, L(V) ^ if and 
only if L{AA) ^0). To this aim, a pushdown transtion of M. that pops a symbol 7 from its 
n th stack is simply simulated by a pushdown transition of V that pops the same symbol 7. 
This implies that a run of the form Oi, with 1 < % < m, that pops the word Ui from the n th 
stack of Ai is simulated by a run of V that pops the same word Uj. Now, for every j G [1, m], 
we need to compute the pushed word Vj into the n-th stack of A4 during the run Sj in order to 
be pushed also by V. For that, let £(g )7 A <) be the set of all possible pushed words u into the 
n th stack of A4 by a run of the form (q, 7L, _L, . . . , ±, w) =^7-^) J-, _L, . . . , J_, uw) where 
pop transitions are exclusive to the first (n — l)-stacks of A4. We show that this language 
L(q i7 g /) can be characterized by an (n — l)-OMPA A4'(q, 7, q') over the stack alphabet of A4 
that: (1) performs the same transitions on its state and (n — l)-stacks as the one performed 
by A4 on its state and its first (n — 1) stacks while discarding the pop transitions of A4 over 
the n th stack, and (2) makes visible as transition labels the pushed symbols over the n th stack 
of A4. Now, to simulate the run <jj = (g, 7L, _L, . . . , _L, to) =^^-^ M ^ (q' , _L, _L, . . . , _!_, uw) of 

M. ( which is equivalent to say that Sj = (q, 7_L, _L, . . . , _L, _L) =>t(M) -L, ■ ■ ■ , -L, n)), 
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V can push into its stack the word u such that u R G L(Ai'(q, 7, q')). If Ai is not in the nor- 
mal form, the run will be of the form (q, a\, . . . , a n -i,w) =^77^) (q' , -L, -L, • • • , -L, uw) 

(i.e., (q, ct\, . . . , a n _i, _L) =^7-^) Wi -L, • • • , -L, u)). In this case, we can construct an 
(n — l)-OMPA M( g / jai y „ j(Xn _ X) qi\, which is precisely Ai' (q, 7, q') with (q, ati, ■ ■ ■ , a n ~i) as ini- 
tial configuration, characterizing the set of all possible pushed words u on the n^-stack. 
Thus, the (n — l)-OMPA, occurring in Theorem l4.lt will be indexed by tuples of the form 
(pi,ai, . . . ,a n -i,p 2 ) where pi,p 2 G P and ati, . . . ,a n -l G (T e U T 2 ). 

The proof of Theorem 14.11 will be structured as follows. First, we define an (n — 1)- 
OMPA Ai' over the alphabet T that: (1) performs the same transitions on its state and 
(n — l)-stacks as the one performed by Ai on its state and its first (n — 1) stacks while 
discarding the pop transitions of Ai on the n th stack, and (2) makes visible as transition 
labels the pushed symbols over the n th stack of Ai. Intuitively, depending on the initial 
and final configurations of At' , the "language" of Ai' summarizes the effect of a sequence 
of pop transitions of Ai over the first (n — l)-stacks on the n th stack of Ai. So, if we are 
interested only by the configurations of Ai where the first (n — 1) stacks are empty, a run 
of Ai can be seen as a sequence of alternations of a pop transition of Ai over the n th stack 
and a push operation over the n th stack of a word in the "language" of Ai'. 

Then, we construct a generalized pushdown automaton V such that the state and the 
stack content of V are the same as the state and the n^-stack content of Ai when the first 
(n — 1) stacks of Ai are empty. In the definition of V, we use the (n — 1)-0MPA Ai' to 
characterize the pushed word on the n th stack of Ai due to a sequence of pop transitions 
of Ai on the (n — 1) first stacks of Ai. This implies that the emptiness problem for Ai is 
reducible to its corresponding problem for V . 

Constructing the (n — l)-OMPA Ai': Let us introduce the following n-OMPA Ai[\^ n [ = 
(n, Q, S, T, A [1>n[ , q , 70, F) such that A [1(n[ = A n (Q x (r,)™- 1 x {e}) xS t x(Qx (r*j«)) . 
Intuitively, A^[i >n [ is built up from Ai by discarding pop transitions of Ai over the n th stack. 
Then, let Ai' = (n - 1, Q, T, T, A', q , 70, F) be the (n - l)-OMPA, built out from M[ ljTl [, 
which (1) performs the same transitions on the first (n — 1) stacks of [i in r, and (2) makes 
visible as transition label the pushed stack symbol over the n th stack of A4h „r. Formally, 
A' is defined as the smallest transition relation satisfying the following condition: 

• If (<?,7i, . . . ,7„-i,e) -£+M [lin[ Wi<xi, ■ ■ ■ ,a n -i,a n ) for some q,q' G Q, 71, . . .,7 n -i G T e , 
a G E £ , and a 1} . . . ,a n G T*, then (9,71, . . . ,7„_i) -^>- M >{q' ,ax, . . . ,a n _i). 

Observe that the pushed word a n over the n'^-stack consists in at most one symbol (i.e., 
a n G r e ). If Ai is not in the normal formal, a n can be of size two (say a n = 77'); and 
in this case we need to associate two transitions to Ai' which first read the symbol 7' and 
then the symbol 7. 

Let us now give the relation between the effect of a sequence of operations of A4[i jn [ on 
the n i/l -stack and the language of Ai'. 

Lemma 4.2. For every q,q' G Q, and w\, w[, . . . , w n , w' n G Stack (Aih n \), (q, Wi, . . . , w n ) 
= ^T(M 1 [) ^l' i w li ■ ■ ■ i w 'n) f or some T S S* if and only if there is u G T* such that 
(q,w 1 ,...,w n - 1 ) =^* T( ^ MI) (q',w' 1 ,...,w' n _ 1 ) and w' n = u R w n . 
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Proof. To prove Lemma 14,21 it suffices to observe that the following holds: For 
every q, q' G Q, wi,...,w n £ Stack(Ai^i^), and w' 1 ,...,w' n G Stack(Aiyi „[), 

(g, toi, . . . , w n ) -^f(M[i „[)(#' > w 'l-> ■ ■ ■ ' w 'n) f° r some a £ S e if and only if there is b £ T e 

such that (g, Wx> • • • j ui n -i) ~~^T(M') (.9 '■> w v • • • ' w n-i) ano - w n = This observation can 
be established easily using the definition of Ai' and -M[i )Tl [. O 

Constructing the GPA V: We are ready now to define the generalized pushdown au- 
tomaton V = (P, T, 5, po; -Lj with P = QU {po>P/} and £' = 0, that keeps track 
of the state and content of the n th stack of Ai when the first (n — 1) stacks are empty. 
Formally, V is built from Ai as follows: For every p,p' £ P and 7 G T, we have: 

• If p = p , 7 = JL> and p' G tnen 8(p,l,e,P') = {u R -L I w £ L(M'(qo,jo,p'))}- 

• If p £ F, 7 = _L, and p' = pf, then 5(p, 7, e,p') = {e}. 

• If p,p' £ Q and 7 / 1 then 5(p,7,e,p') = U( g , 7 ')eS (^C^'O?' l',p'))) R where 5 = 
{(q, V) G (Q x T) I 3a £ S £! (p, ±, . . . , _L, 7} (q, 7 '±, _L, . . . , ±, e}}. 

• Otherwise, 5(p,^/,e,p') = 0. 

Observe that for every pi,P2 £ P, and 7 G T, we can construct an (n — l)-OMPA 

M (pi,i,P2) over r such that L ( M (pi,7,P2)) = (<*(Pl>7> e >i>2)) and |-M(p 1)7 , P2 )| = 0(|A4| 2 ). 
This can be easily proved using Lemma 13, 51 

To complete the proof of Theorem 14. T\ it remains to show that the emptiness problem 
for Ai is reducible to its corresponding problem for V . This is stated by Lemma 14.31 

Lemma 4.3. L(M) ^ if and only if L(V) ^ 0. 

Proof. To prove that L(Ai) 7^ iff L(V) 7^ 0, we will show that the following invariant 
is preserved: The state and content of V are the same as the state and content of the 
last stack of Ai when its first (n — l)-stacks are empty. Thus, we will split the run of 
Ai at the transitions that pop some symbol from the last stack. This implies that a run 
of Ad can be decomposed as follows: (1) First a run from the initial configuration to the 
first reachable configuration where the first (n — l)-stacks are empty, and (2) a sequence of 
runs that are starting from a configuration where the first (n — l)-stacks are empty to the 
first reachable configuration with empty first (n — l)-stacks. Lemma 14.41 and Lemma 14.51 
establish the relation between these two kind of runs of Ai and the runs of V . Lemma 14.41 
shows that Ai can move from a configuration of the form (g, _L, . . . , _L, w) to a configuration 
of the form (g', J_, . . . , -L,w') if and only if V can move from the configuration (q,w) to 
the configuration (q',w'). Lemma 14.51 proves that V can move, in one step, from the 
initial configuration (po ; -L) to the configuration (q,w) if and only if -M[i jn [ can move from 
the initial configuration (go, 70 -L, _L, . . . , _L) to the configuration (g, JL, J_, . . . , ±, w). As an 
immediate consequence of Lemma 14.41 and Lemma |4.5| we obtain that L(Ai) 7^ if and 
only if L{V) ± 0. 

Lemma 4.4. For every q,q' £ Q and w,w' £ Stack(Ai), (g, w)=^^-^(q', w') if and only 
if (<?, -L, • • • , -L, w) =!^* T{M) (g', J_, . . . , ±, w') for some r G X*. 
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Proof. (The Only if direction) In the following, we show that if (q,w)=>?j-,j,\(q' ,w') 
then (q, _L, . . . , _L, w) =^7-^) (<?'> -Lj • • • , -L, w') for some r G £*. Assume that 
(q, w) ==>T(V) (q'i w ')- We proceed by induction on i. 

i 

Basis, i = 0. Then q = q' and w = w' . This implies that (g, _L, . . . , -L,w) =^^-^m) 
(q', _L, . . . , _L, w') holds with r = e. 

Step, i > 0. Then there is a configuration (p, t>) € Conf(V) such that: 

(9, ==f rep) (p> ^) r(p) w') (4.1) 

From the definition of V, we can show that p G Q and t> G Stack(A4) since q,q' € Q and 
u>,w/ G Stack(Ai). Thus, we can apply the induction hypothesis to (q,w) =^T(V) (Pi v )i 

i—l 

and we obtain: 

(q, !_, . . . , _L, u>) {M) (p, _L, . . . , 1, u) for some r' G S* (4.2) 
Since (p, v) t(V) {l'i w ')i there are 7 G T and u,v' G T* such that: 

v = jv' , w' = uv' , and u G <5(p, 7, e, q') (4.3) 
Using the definition of V, we can show that there are q" G Q, b G S e , and 7' G T such that: 

(^...^^-^((Ayj-,...,!^) and u R eL(M'(q",^,q')) (4.4) 
Since u fi G L(M'(q", 7', g')), 

we obtain: 

(<?", 7 '±, -L, . . . , _L) (M0 (q', J_, 1_, . . . , 1_) (4.5) 

Now, we can apply Lemma 14.21 to the computation of .M' given in Equation 14.51 and the 
stack content v 1 , and we obtain: 

(q", j'±,±,...,±,v') ^f(M [1>n[ ) (</, -1, ■ ■ ■ , (4.6) 

Since (p, _L, . . . , _L, 7} — >• » (q", j'J-, . . . , _L, e) and t> = jv', we obtain the following compu- 
tation of A4: 

(p,±,±,...,±,v)-^ T (M) (l", V-L, -L, • • • , ■!,«') (4-7) 
Putting together Equation 14.21 Equation 14. 6} and Equation 14.71 we obtain: 

(q,.L,..., ±, w) ^t(M) (<?', • • • , -L, «0 with r = r'6r" (4.8) 
This terminates the Only if direction of Lemma 14.41 

(The If direction) In the following, we show that if (g, _L, . . . , JL, uu) ^^~t{M) 

(q f , _L, . . . , _L, w') for some r G £*, then (q,w) =^7-777) (l'i w ')- Let us assume that 
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p = (q, _L, . . . , _L, w) =^7-(_A4) (</, -L, ■ ■ ■ , -L, w') for some r € E*. The proof is by induc- 
tion on the number of times that a pop transition over the n th stack of A4. is used in the 
run p. Let m be the number of times that a transition in A n = (A \ An n r) is used in p. 

Basis, m = 0. Then, q = q', w = w' , and r = e since no transitions from A n are used 
in p, and no transitions from A[i n r can be applied along the run p. This implies that 

(q,w) =^fcp) W^) holds - 

Step, m > 0. Then, there are 7,7' G (r \ {-L}), v G T*, and q±, qi G Q such that: 



pi = (q, JL, . . . , _L, w) =>f(A4) (?i> -L, ■ ■ ■ , JL, iv) (4.9) 

P2 = (<7i, -L, • • • , -L, yu) T(Mu) (?2, Y-L, • • • , -L, f ) (4.10) 

P3 = (52, Y-L, • • • , J-, «) ^T(M [1)n[ ) -L> • • • » -L> «0 ( 4 - n ) 
for some r', r" € £* and a£E f such that r = r' ar" . 



Observe that such decomposition of p is possible since in order to apply a transition in 
A n , the first (n — 1) stacks of .M must be empty. 

Now, we can apply the induction hypothesis to p%, and we obtain the following run of V: 

(q, w )^* nv) (q x , lv ) (4.12) 
We can also apply Lemma 14.21 to the run p%, and we obtain that there is u G T* such that: 

u G L(M'(q 2 ,7',q')), and w' = u R v (4.13) 

From the run p 2 , we get (q%, _L, _L, . . . , _L, 7) -^m (l2, 7'-L, -L, . . . , _L, e). Moreover, we have 
u G L(M'(q2, 7', <?'))• This implies that u fi G £(<Zi, 7, e, </)• This means that: 

(9,7*0 -^T(V)W,u R v) = (q',w') (4.14) 
Putting together Equations 14.121 and 14.141 we obtain: 

(q,w)=^* T(v) (q,yu)-Z* T y>)tf,v/) (4.15) 
This terminates the If direction of Lemma 14.41 □ 
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Next, we prove that V can perform a transition from the initial configuration (po, J_) to 
a configuration of the form (q, w) if and only if Ai r l n r can move from the initial configuration 
(qo, 7o-L, _L, . . . , J_) to the configuration (q, _L, JL, . . . , _L, w). 

Lemma 4.5. For every q G Q and w G Stack (Ai), (po, J_) -^+TCP)(Q> w ) an d on fy 
(qo, 7o-L, -L, • • • , J-) =^f(M[i n[ ) (<?> -U • • • > ^) / or some T G S * ■ 

Proof. (The If direction) Assume that p = (go,7o-L) -L, • • • ? -L) ) 
(g, JL, _L, . . . , JL, io) for some r G E*. Then, we can apply Lemma 14.21 to the run p. This 
implies that there is u G T* such that: 

(Qo,7o,-L, ■■■ ) -L)=^f(^/ ) (?)-•->••• ,J-) and «; = u K l 

This means that it € L(Ai'(qo, 70, g)), and therefore u fi J_ G £(po> -L, e, q). This implies that 
the system T(V) can move from the configuration (po,-L) to the configuration (g, u^J_): 

(Po, J-)-^ r(P )(g,u K J_) = (q,w) 
This terminates the proof of the If direction. 

(The Only if direction) Assume that (po, -L) -^T(V)(q, w )- Then, from the definition of 
V, there is an u G T* such that: 

w = u R -L and u G L(M'(qo, 70, g)) 

From the definition of L(_A/f'(go, 7o> <?))j we nave P = (?o,7o-L, -L, • • • > -L) =^r(A4') 
(g, J_, J_, . . . , J_). We can apply Lemma 14.21 to the run p, and we obtain that there is r G S* 
such that: 

(qo, 7oJ-, J-, • • • , - L )^f(Al [x , n[ ) -L, • • • , -L, « R -L) = (9) -L, • • • , -L, w) 
This terminates the Only if direction and the proof of Lemma 14.51 □ 

Now, we are ready to prove that the emptiness problem for Ai is reducible to the 
emptiness problem for V . 

(The If direction) Assume that L(V) ^ 0. This implies that: 

( Po ,±)^* nv) ( Pf ,e) (4.16) 
This means that there is a state q G F such that: 

(po,±) =^* T{V) (q,±)^T(V)(Pf,£) (4-17) 
From the definition of the transition function of V, there are q' G Q and w G Stack (Ai) 
such that: 



p 1 = ( Po ,±)^ nv) (q',w) (4.18) 



p 2 = {q', w )^* (g,L) (4.19) 
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We can apply Lemma l4~5l to the run pi, and we obtain that there is r' G S* such that: 

(q , 70^, • • • , -L) ^t(M) (?') • • • , ±, w) (4.20) 
We can also apply Lemma [4.41 to the run p2, and we obtain that there is r" 6 E* such that: 

(</, ±,...,±,w) ^* T{M) (q, ±, • • • , -1) (4.21) 
Putting together Equations 14.201 and 14.211 we get: 

t' t" 
(?q, 7o -L, . . . , ±) =>T(,M) W , -L, • • • , -L, =>T(.M) (?) -L> ■ ■ ■ ) x ) ( 4 - 22 ) 

This shows that L(.M) 7^ since q £ F, and this terminates the proof of the If direction. 
(The Only if direction:) Assume that L(A4) 7^ 0. Then, there is a state q £ F such that 
(<?o,7o-L,-L, • • • ,-L) =>t(m) (?'- L ' ••• ) J-) for some T G S*. 

This implies that there is a state (/ S Q, t',t" € £*, and w G Stack (M) such that: 

Pi = (?o, 7o-L, • • • , -L) =^r(M[i, B[ ) (?'' - 1 ) • • • > - 1 ) ^) ( 4 - 23 ) 

p 2 = (</, _L, . . . ,±, w) (A<) (g, ±, . . . , 1) (4.24) 
We can apply Lemma 14.51 to the run pi, and we obtain: 

(po,±) -*» r(7 ,)(g» (4.25) 
We can also apply Lemma 14.41 to the run pi, and we obtain that: 

(q',w)^* T(v) (q,±) (4.26) 
Putting together Equations 14.251 and 14.261 we get that: 

(po, J_) r{P) (</, «;) (?, J_) (4.27) 

Moreover, we can apply the transition function 5(q, _L, e,p/) = e to the configuration (q, _L), 
and we obtain the following computation of T(V): 

(po, -L) ^ t(v) (?', w) =^r(p) (?) - 1 ) r(p) (p/i e ) ( 4 - 28 ) 

This shows that L(V) ^ 0, and this terminates the proof of the Only if direction. O 

4.2. Emptiness of a n-OMPA is in 2ETIME. In the following, we show that the 
emptiness problem for a n-OMPA is in 2ETIME with respect to the number of stacks. The 
proof is done by induction on the number of stacks. First, we use the induction hypothesis, 
that the emptiness problem for OMPA with (n — l)-stacks is decidable, to show that the 
generalized pushdown automaton V is effective (and so the emptiness problem for V is 
decidable). Once the effectiveness property of V has been established, we estimate the 
running time of our saturation procedure for V, given in section 12.11 under the assumption 
that the emptiness problem, for (n — l)-OMPA can be solved in 2ETIME. We show that 
the emptiness problem of V (and so A4) is in 2ETIME 
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Theorem 4.6. The emptiness problem for an n-OMPA A4 can be solved in time 0(\A4\ ) 
for some constant d. 

Proof. Let M. = (n, Q, E, V, A, qo, 70, F) be an n-OMPA. To prove Theorem l4.6l we proceed 
by induction on the number of stacks re. 

Basis, n = 1. Then, A4 is a pushdown automaton. From [BEM97J, we know that the 
emptiness problem for A4 can be solved in polynomial time in \A4\. 

Step, n > 1. Then, we can apply Theorem 14.11 to construct a generalized pushdown 
automaton P = (P, 0, T, 5,po, _L, {p/}), with P = Q U {po,Pf}, such that: 

• L(M) + if and only if L(V) + 0, and 

• For every pi,»2 £ P and 7 € T, there is an (n — l)-OMPA A4( P1i7jP2 ) over T such that 

L ( M (Pi,l,P2)) = {Kvi,l^,Pi)) R and |M (pii7iP2) | = 0(\M\ 2 ). 

It is easy to observe that P is an effective generalized pushdown automaton. This is estab- 
lished by the following lemma. 

Lemma 4.7. V is an effective generalized pushdown automaton. 



Proof. To prove the effectiveness property of P, we need to show that for every finite state 
automaton A over the alphabet T, the problem of checking whether L(A) C\6(pi, 7, e, P2) 7^ $ 
is decidable for allpi,p2 £ P and 7 € T. It can be easy shown that L(A)r\5(pi, 7,e,j>2) 7^ 
if and only if L(A) R D (5(pi,j,e,p 2 )) R / 0. 

Let A be a given finite state automaton, pi,P2 £ i 5 two states of V, and 7 £ T a 
stack symbol of V . Using Lemma 13.61 we can construct an (n — l)-OMPA M! such that 
L(M') = {L{A)) R n L(M (pii7iP2) ) = {L{A)) R n (%i,7,e,p 2 )) since we have = 
(^(pii 7) £-,P2)) R - Now, we can apply the induction hypothesis to M.' to show that the 
checking whether L(A4') ^ is decidable. Thus, V is an effective generalized pushdown 
automaton. □ 

From Theorem l2.71 Theorem l4.1^ and Lemma [4. 71 we deduce that the emptiness problem 
for the n-OMPA M is decidable. 

Next, we will estimate the running time of the decision procedure. From Theorem 12. 7\ 
we know that the emptiness problem of V is reducible to compute the set of predecessors 
of the configuration (p/,e) since L(V) ^ if and only if (pch-L) £ P re T{V)({Pf} x { e D- 

Let A be the "P-automaton that recognizes the configuration (p/,e) of V. It is easy 
to see that such "P-automaton A, with \A\ = OQA'll), is effectively constructible. Now, 
we need to analysis the running time of the saturation procedure (given in section I2.ip 
applied to A. For that, let Ao, . . . ,Ai be the sequence of P-automaton obtained from the 
saturation procedure such that Ao = A and L-p{Ai) = Pre^-^(L-p(A)). Then, we have 

i = 0(|.M| 3 ) since the number of possible new transitions of A is finite. Moreover, at each 
step j, with < j < i, we need to check, for every state q of A, p,p' E P, and 7 € T, 
whether L(Aj)({p'}, {q}) fl 8(p, 7, e,p') ^ 0. 

Using Lemma 13.61 we can construct, in polynomial time in \A4\, an (n — l)-OMPA 
M '( q , P , 7 ,p') such that L lM[qMtf)) = ( L (A)({P / }.{9})) fi nL(M (Pi7 y ) ) and \M[ mpl) \ < 
c(|.M| 3 ) for some constant c. Now, we can apply the induction hypothesis to M.'^ q p 7 a pl y 
and we obtain that the problem of checking whether L{M'^ q p ^ a 7^ can be solved 



20 



M. F. ATIG 



in time 0((c \A4 | 3 ) 2<i<n Putting together all these equations, we obtain that the 

problem of checking whether (po,_L) € P re T(P)({Pf} x i e }) can ^ e sorve d m time 
0(| Al| 3 |A^| 5 (c |.M| 3 ) 2d( ™ By taking a constant d as big as needed, we can show that 
the problem of checking whether L(Ai) ^ can be solved in time 0(|.M | 2d "). □ 

5. Computing the set of predecessors for OMPA 

In this section, we show that the set of predecessors of a recognizable set C of configurations 
of an OMPA is recognizable and effectively constructible (see Theorem 15. 6p . To simplify 
the presentation, we can assume without loss of generality that the set C contains only 
one configuration of the form {qt , _L, . . . , _L) where all the stacks are empty. This result is 
established by Lemma [57TI 

Lemma 5.1. Let M. = (n, Q, S, T, A, qo, 70, F) be an OMPA and A be an A4- automaton. 
Then, it is possible to construct, in time and space polynomial in (|A4| + \A\), an 
OMPA M! = (n,Q' U {q f }, E, T', A', g , 7o, F) where Q C Q' , q f £ Q' , and \M'\ = 
0(\M\ ■ \A\) such that for every c G Conf(M.), c G PreJ J -^ M ^{Lj V [{A)) if and only if 
cePre* T{MI) ({(q f ,±,...,±)}). 

Proof. The proof is similar to the case of standard pushdown automata. Technically this can 
be done by adding to the OMPA A4 some pop transitions that check, in nondeterministic 
way, if the current configuration belongs to Lm(A) by simulating the 7W-automaton A. 
Let A = (Qm-, r, A_A/f, I Mi Fm) be the A4-automaton. We assume w.l.o.g that A has no 
transition leading to its initial states and that there is no transition of A labeled by the 
empty word. 

We construct the OMPA M' = (n, Q' U {<?/}, E, T' , A', q , 70, F) as follows: 

• Q' = Q U (Qm x [1) n + 1])- The set of states Q' is precisely the union of the set of states 
of A4 and the set of states of A indexed by the stack identities. (The index n + 1 is used 
to mark the end of the simulation of A by Ai'). Moreover, we assume that A4' has a 
fresh state qf ^ Q'. 

• r' = r U {ft} such that fl ^ T. The fresh stack symbol ft is used to ensure that A4' respects 
the constraints imposed by the normal formal. Intuitively, this symbol will be pushed 
on the first stack whenever a symbol is popped from a stack with an index from 2 to n, 
during the simulation of the Al-automaton A, and then this symbol will be popped from 
the first stack. 

• A' is the smallest transition relation such that the following conditions are satisfied: 

— First Phase: In this phase the OMPA M' behaves exactly as the OMPA M'. This 
corresponds to A C A'. 

— Second phase: In the second phase, A4' checks if the current configuration is accepted 
by A. This is done by allowing Ai' to start, in non-deterministically way, the simulation 
of A while popping the read symbols from their corresponding stacks. Formally, we 
have: 
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* For every transition q --^a P with q G Q and 7 G (r \ {_L}), we have 
(q, 7, e, . . . , e) -^m' ((Pj 1)j e > e > • • • > e )- This means that, in non-deterministically way, 
the checking of whether the current configuration is accepted by A can be started 
by the simulation of a transition of A from the current state q. This transition of 
Ai' corresponds to the case where the first stack is not empty 

* For every q P with i G [1, n] and q G Q, we have (q, _L, e, . . . , e) -^m'{(p^ i + 
1), _L, e, . . . , e). This means that the simulation of A by Ai can be started and the 
first i stacks are empty. Observe that the state (p, i + 1) of Ai' corresponds to the 
fact that the current state of A is p and that we are currently checking the stack 

* For every i G [l, n ] an d p == ^7 _ (^) ^' ^ or some 3 ^ — 2 + 1]) we have 
((p, i), _L, e, . . . , e) -^m'{(p' '> i + i)j -L, e, . . . , e). This corresponds to the simulation 
of a sequence of transitions of A that checks if the stacks from i to (i + j — 1) are 
empty. In this case, we move the current state from p to p' and we start checking 
the stack of index (i + j). 

* For every i € [l,n] and p -^ap' f° r some 7 £ (r \ {J-}), we have 
({p,i),li, ■ ■ ■ ,ln) -^M'((p',i),ai, ■ ■ ■ ,a n ) with 71 = ••• = 7^1 = _L, 7i = 7, 
7i+l = ' ' ' = In = e, ai = (t • JL, «2 = • • • = cti-i = -L, and a, = • • • = a n = e. 
The simulation of a transition of ^4, that reads the symbol 7 from the i^-stack, is 
performed by M! by a transition that pops 7 form the i^-stack and pushes the fresh 
symbol (j into the first stack. 

* For every index i € [l,n + 1] and state p € Q.4, we have 
((p, i), j), e, . . . , e) -^M'iiPi *)i e ) • • • j e }- This transition pops the fresh symbol ft 
from the first stack. Recall that this fresh symbol is introduced in the only aim of 
ensuring the normal form of A4' . 

* For every p E F, we have ((p, n+ 1), _L, e, . . . , e) -^M'ilfi -L, e, . . . , e) . This transition 
ends the simulation of A by J\A! after verifying that the current configuration of M 
is accepted by A. 

Then it is easy to see that for every c G Conf(A4), c € Pretj-^ M ^{Lj V [{A)) if and only if 
cePre* T{MI) ({(q f ,±,...,±)}). ' ' " □ 

In the following, we show that the set of configurations C of the form (q' , _L, . . . , _L, w') 
from which the OMPA A4 can reach a configuration of the form (q, _L, . . . , _L), where all the 
stacks are empty, is recognizable and effectively constructible. 

Lemma 5.2. Let Ai = (n,Q,'E,T,A,qo,'yo,F) be an OMPA and q £ Q be a state. Then, 
it is possible to construct, in time 0(\A4\ 2dn ) where d is a constant, an Ai- automaton A 
such that \A\ = 0(\A4\) and c £ L_m{A) if and only if c G Pre^, M J{(q, _L, . . . , -L)}) and 
c = (q', _L, . . . , _L, w) for some q' G Q and w G Stack (Ai) . 

Proof. Lemma [4.41 shows that, given an OMPA Ai with n stacks, it is possible to construct 
an effective generalized pushdown automaton V ', whose pushed languages are defined by 
OMPA with (n — 1) stacks, such that the following invariant is preserved: The state and 
the stack's content of V are the same as the state and the content of the n th stack of Ai 
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when its first (n — 1) stacks are empty. Then, we can make use of Theorem 12.31 which 
shows the set of all predecessors of a recognizable set of configurations is an effectively 
constructible recognizable set for effective generalized pushdown automata, to show that 
Lemma 15.21 holds. □ 

Next, we state our main theorem which is a generalization of the result obtained in for 
bounded-phase visibly multi-stack pushdown automata [SetlO] . 

Theorem 5.3. Let M = (n, Q, E, T, A, qo, 70, F) be an OMPA and q G Q be a state. Then, 
it is possible to construct, in time 0(\A4\ 2 ) where d is a constant, a Ai-automaton A such 
that \A\ = 0{\M\ 2dn ) and L M {A) = Pre* r{M) ({(q, J_, . . . , 1)}). 

Proof. Prom Lemma 15.21 we know that the set of configurations C n , consisting of 
Pre^-^ M ^({(q, _L, . . . , -L)}) restricted to the configurations in which the first (n — 1) empty 
stacks are empty, is recognizable and effectively constructible. To compute the intermediary 
configurations in Pre^ M ^({(q, _L, . . . , -L)}) where the first (n — 1) stacks are not empty, we 
construct an ordered multi-pushdown automaton ftA! with (n — 1) stacks that: (1) performs 
the same transitions on its stacks as the ones performed by A4 on its first (n — 1) stacks, 
and (2) simulates a push transition of Ai over its n th stack by a transition of the finite-state 
automaton accepting the recognizable set of configurations C n . Now, we can apply the 
induction hypothesis to M! and construct a finite-state automaton accepting the set of all 
predecessors Pre* T (A4) ({(<?, -1, . . . , _L)}). 

We proceed by induction on the number of stacks of the OMPA Ai. 

Basis, n = 1. Then, Ai is a pushdown automaton. From [BEM97], we know that such an 
.M-automaton A for Ai can be constructed in polynomial time in \Ai\- 

Step, n > 1. Then, we can use Lemma 15.21 to construct, in time 0(|.M| 2dn ) where d 
is a constant, an .M-automaton A' = {Qa'-> T, Q, F4/) such that \A'\ = 0(\Ai\) and 

r' * 

(q", _L, . . . , _L, w) G L M (A') if and only if (q" , _L, . . . , ±, w) =^r{M) (g, -L, • • • , -L) for some 
t' G S*. Afterwards, we assume without loss of generality that the .M-automaton has no 
e-transitions. 

Let M.[i^ n [ = (n, Q,T>,F, A[ l ra [, 7o 5 ^) be the OMPA built from M by discarding 
the set of pop transitions of A4 over the n th stack (as defined in Section I4.ip . (Recall 
that A [1)7l[ = A n ((Q x (r e ) n_1 x {e}) x S e x (Q x (r*) n ))). Then, it is easy to see 
that for every configuration (q', wi,..., w n ) in Pre^-^ M ^({(q, _L, . . . , 1.)}), there are q" G Q, 
w G Stack(M), and t',t G S* such that: 

(<?', wi,...,w n ) =^* T[M[in[) (q", A.,..., l_,w) ^* T[M) (q, -L, . . . , J.) 

Since the OMPA Airier can only have push transitions over its n th stack, we have 
(</', w\, . . . , w n ) = =^7-( J vi [1 ) {q" 1 -L, • • • , -L, w) if and only if there is v G (r \ {-L})* such that 
w = vw n and (q' , w\, . . . , w n -i,±) =^* T ^ M[1 a (q",-^, ■ ■ ■ ,-L,v) (see Lemma WM- 

Let M' = (n - 1,Q X Qa',^, T, A', q' , 70, F') be an (n - l)-OMPA built from the 
OMPA M[i jTl [ and the FSA A' such that ((gi,Pi),7i, . . . ,7n-i) -^M'((Q2,P2), "i, . . . ,a n _i) 
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if and only if (#1,71,. . . ,7„_i,e) -^A4 [1>n[ (?2, "l, • • • ,a n -i,a n ) and p 2 =^f(.4') Pl for SOme 
a n G ((r\{_L})U{e}) . In fact, the OMPA Ai' defines a kind of synchronous product between 
the pushed word over the n-th stack of OMPA A^[i !n r and the reverse of the input word of 
the FSA A'. Observe that the size of the constructed (n - 1)- OMPA M' is 0(\M\ 2 )). 

Then, the relation between A4', M\i >n u and A' is given by Lemma 15.41 which follows 
immediately from the definition of M'. 

Lemma 5.4. ((gi,pi), Wi, . . . , iu n -i) =^t(M') (fe,^), J-, • • • , -L) iff there is a v £ (T \ 
{_L})* such that {qi,Wi, . . . ,w n -i, JL) ==>t(M {1 n[ ) (?2,-L, • • -,±,v±) and p 2 =^^(A') Pl - 

Now, we can apply the induction hypothesis to M' to show that for every (q",p") G 
Q x Qa'i ^ possible to construct, in time 0(|A / I| 2d " 1)+2 ), an .A/f '-automaton A( q ",p") such 
that \A {q „ )pll) \ = 0(\Mf (n - 1)+2 ) and W0V,p")) = ^ef (>(/) ({((g",p"), ±, • • • , J-)}). 

From the .M'-automata A( q " tP ir) and the .A/f-automaton A', we can construct an A4- 
automaton A such that (q' } w\ , . . . , w n ) G Lj^(A) if and only if there are q" G Q and 

p',p" G Q.4 such that: (1) g" ^ ^p", (2) ((g',p'), W\, . . . ,io n -l) G Am'(>4(<z" ,?"))> and 
(3) p'==^-(_4/)P for some p G F4/. Observe that such an automaton .4 of the size 0(\Ai\ 2<in ) 
(by taking d as big as needed) is effectively constructible from «4( g "y) and .4' using standard 
automata operations. Moreover, we have: 

Lemma 5.5. L M (A) = Pre* T{M) ({(q, _L, . . . , _L)}). 

Proof. (C) Let (q' , w±, . . . , w n ) G Lj^(A). Then, there are q" G Q and p',p" G Qa such 

that: (1) q" > r(A')P ' ( 2 ) ((^ ,p), ™i, ■ ■ ■ , G Am'(A<?'',p''))> and ( 3 ) p'^T(,4') p 

for some p G F4/ . 

So, we can apply Lemma l5~4"l to the run ((g',p'), u>i, . . . , io n -l) = =^7-(.M') ((^">P")> -'-)•••>-'-) 
to show that there is t> G T* such that (g', it>i, . . . , w n -\, _L) =^7-(>f[i ) (#">-'->■■■>-'-> v ) 
and p" =^-}-^ p'. Thus, we have (q' , wi,..., w n -i,w n ) =>t(M) (q"> ■ ■ ■ > ^n)- 

Now, we can use the runs q" = ^ y(A')P' p" ^^T(A') p'> and p'^^T(A')P *° s ^ ow that 
(q",±,...,±,vw n ) G L M (A'). This implies that (q", ±, . . . , ±,vw n ) =^ (M) (g, _L, . . . , _L). 

Hence, we have (q', w\, . . . , w n ) G Pre^-, M J{(q, _L, . . . , -L)}) and therefore Lx(4.) C 
^ef (A4) ({(g,±,...,±)}). 

(2) Let (q',wi, . . . ,w n ) G Pre^ M ^({(q, J_, . . . , _L)}). Then, there are q" G Q, v G T*, and 
r, r' G S* such that: 

(g', w u ...,w n ) =^* T(M[in[) (q", _L, . . . , _L, vw n ) ^>r{M) (?» - 1 ' • • • > - 1 ) 
Since (g", _L, . . . , _L, uiu n )^»^- (M) (g, _L, . . . , _L), we have (q", _L, . . . , _L, vw n ) G L M (A'). 

I n — 1 

This implies that there are p',p" G Q^' and p G i 7 ^' such that q" ' 'T{A')P" ' 
P" =^T(A') P'i and P'=^r(A')P- 
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On the other hand, we can show (q',w\, . . . , w n -\ , _L) = ^*t{Mi ) -'->•••>-'-> u ) smce 

we have (g', . . . , w n ) =k>^ M , (q" , ±, . . . , ±,vw n ). 

Then, we can apply Lemma 15.41 to (q',wi, . . . , w n -i, _L) =^i-{M i ) ' ' ' ' u ) 

and j/'^^^j/ to show that ((q',p'), ^i, • • • > »n-i) (M') (0?">p")> • • • > Tnis 
implies that ((g',p'), w±, . . . , u> n _i) E £M'(A ? 'yi). Now, we can use the definition of the 

| n— 1 

.M-automaton >l to show that (g', w\, . . . , w n ) E L_m(A) since we have q" S ' *T(A!)P" ■> 
((q',p'), w\i ■ ■ ■ , w n -i) E Lw(A( q >iyr)), and p'^^^^^p with p E Fjj. Hence, we have 
L M (A)^Pre* r{M) ({(q,±,...,±)}). □ 

This terminates the proof of Theorem 15.31 □ 

As an immediate consequence of Theorem 15.31 and Lemma 15. 1\ we obtain: 

Theorem 5.6. Let Ai = (n,Q,H,T,A,qo, r yo,F) be an OMPA and A' be an M-automaton. 
Then, it is possible to construct, in time 0((\Ai\ ■ |-4,'|) 2d ") where d is a constant, an Ai- 
automaton A such that \A\ = 0({\M\ ■ \A'\) 2d ") and L M (A) = Pre* T( ^ M) {L M (A')). 

We can extend the previous result to show that the operator Pre + preserves also rec- 
ognizability. 

Theorem 5.7. Let Ai = (n, Q, S, T, A, q , 70, F) be an OMPA and A' be an Ai-automaton. 
Then, it is possible to construct, in time 0((\Ai\ ■ \A'\) 2 ") where d is a constant, an Ai- 
automaton A such that \A\ = 0((\M\ • |-4'|) 2d ") and L M (A) = Pre+ {M) (L M (A')). 

Proof. In the following, we show that computing the set Pre^^ M ^(Lj^4(A')) can be 
reduced to computing the set Pre^^^Lj^i^A")) for an OMPA Ai' and an Ai- 
automaton A" such that \Ai'\ = 0(\AA\) and \A"\ = 0(\A\). Intuitively, the 
OMPA has the same stack and input alphabets as the ones of Ai. Corresponding 
to each state q of Ai, Ai' has q and q CO py as two states where q cop y is a fresh sym- 
bol which was not used neither in the definition of Ai nor in the definition of A. 
For any transition of the form (g, 71, . . . ,7 n ) mWi a\, . . . , a n ), Ai' has two transi- 
tions (g,7i, . . . ,7n) -^M'il'i 

a n ) and (g, 71, . . . , 7n) ^ Ml Wcopy^ a i> • • • > a n )■ Any 
computation of AA! can be divided in two phases. In the first phase AA! mim- 
ics the behavior of the OMPA Ai' by performing the same sequence of transitions. 
In the second phase, the OMPA AA' performs a transition from a state q E Q of 
Ai to a state q' copy with q' E Q and halts. Formally, Ai' is defined by the tu- 
ple (n, Q U Q CO py, A U A', g , 70, -F) where Q cop y = {Qcopy \ Q E Q} and A' = 
{(9,7l» ■ ■ ■ >7n) M' Weepy > a li-- ■.*«) I (g,7l)- • • >7n) -^mW^I, ■ ■ ■,«„)}. 

Let A' = (Qa^,T , Am, Im-i Pm) be the .M-automaton. We assume here that A has 
no transition leading to an initial state. Now, we can construct the Ai '-automaton A" = 
(Qm 1 >r, Am' j Im' 1 Fm') from the A4-automaton A' as follows: The set of states of A" is 
the union of the set of states of A' and the set of states of Ai' (i.e., Qm' = Qm U Qcopy)- 
The set of transitions of A" contains any transition of A that does not involve a state of 
Q (i.e., (A_yvj \ (Q x T e x Qm)) ^M')- Moreover, corresponding to any transition of the 
form q-^A 1 P where q E Q, the automaton A" has a transition of the form q cop y P- 
That is, the automaton A" is precisely A' where any initial state q E Q is relabeled by its 
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copy q CO py (Observe that there is no transition from/to a state q G Q in A".) Since A" is 
an A4'-automaton, we have I^f = Q U Qcopy We have also i 7 ^/ = i^. 

Then it is easy to see that the set Pre^-^ M ^(L_\4(A')) is precisely the set 
P re T(M') i^M' fl Conf(Ai). Thus, we can apply Theorem 15.61 to show that it is possi- 
ble to construct, in time 0((|.M| • 1*4.' I) 2 * 1 ) where d is a constant, an A4-automaton A such 
that \A\ = 0((\M\ ■ \A'\) 2dn ) and L M (A) = Pre+JL M {A')). □ 



6. Linear- Time Global Model Checking 

In this section, we show that the model-checking problem of w-regular properties for OMPA 
is decidable and in 2ETIME. Observe that this result subsumes the 2ETIME upper bound 
obtained for the emptiness problem of OMPA (see Theorem 14, 6p . In fact, we can see the 
emptiness problem (i.e., the reachability problem) of OMPA as a particular instance of 
the LTL-model checking problem of OMPA for which the decision procedure (provided in 
Section H]) is simpler. 

To prove the 2ETIME upper bound for the model-checking problem of w-regular prop- 
erties for OMPA, we introduce the repeated state reachability problem for OMPA. 

We fix an OMPA Ai = (n,Q,T,,T,A,qQ,^Q,F) for the rest of the paper such that 
£ = A and t = ((q, 71, ... , j n ), a, (q' , ai, . . . , a n )) is in A if and only if a = t. 

6.1. The repeated state reachability problem. In the following, we are interested in 
solving the repeated state reachability problem which consists in computing, for a given state 
qj G Q, the set of all configurations c of Ai such that there is an infinite run of T(Ai) 
starting from c that visits infinitely often the state qj. 

To this aim, let us introduce the following notation: For every i G [l,n], we denote by 
= ( n > Q; 53) r, Ary , qo, 70, F) the OMPA built from M. by discarding pop transitions 
of M over the last (n — i) stacks. Formally, we have Ap^] = A n ((Q x (r e ) 1 x ({e}) n ~*) x 

£x(Qx(r*r))- 

For every i G [1, n], and every (9,7) G Q x (r \ {-L}), let c\ q '^ denote the set of all 
configurations (q, w±, . . . , w n ) G Conf(M) such that w\ = ■ ■ ■ = Wi-i = _L and Wi = for 
some u G Stack{M). Moreover, let cf^ be the configuration (q, w\, ... ,w n ) of M such 
that Wi = 7_L and Wj = _L for all j 7^ i. 

In the following, we show that detecting an infinite computation of Ai that visits 
infinitely often a state qf can be reduced to detecting an infinite computation the form p\-p% 
that eventually repeats the same sequence of transitions indefinitely and visits qj infinitely 
often (and where p\ and P2 are finite computations). Hence, a periodic computation is a 
run which, after a finite computation prefix p\ (called stem), ultimately repeats the same 
sequence of transitions P2 (called lasso) over and over. Let us give some intuitions behind 
this reduction. 

Let us assume that there is an infinite computation p of T{M) starting from a configu- 
ration c of Ai. Let i be the maximal index of the stack that is popped infinitely often. This 
means that, at some point of the computation, the stacks from (n — % + 1) to n will never 
be popped. Let us concentrate on the suffix of the computation p which contains only push 
transitions on the stacks from (n — i + 1) to n. Let c\C2 ■ ■ ■ be the sequence of configurations 
in this suffix of p where the first (i — 1) stacks are empty. Applying a similar argument 
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to the content of the v -stack, along the sequence of configurations c\c% ■ ■ ■ , as the one for 
standard pushdown automata [BEM97] , we can deduce that the i* ft -stack is increasing. This 
means that there are indices j% < jt, a stack symbol 7 G T, and a state q G Q such that the 
configurations Cj 1 and c,- 2 are in C^'^ and the symbol 7 at the top of the i i/l -stack in Cj 1 and 
Cj 2 will never be popped. Furthermore, along the sub-computation p2 from Cj 1 and Cj 2 the 
state qf is visited. Observe that if we remove from the configuration Cj 1 all the stack sym- 
bols that will never be popped we obtain the configuration cf^\ Then, the computation 
pi can be simplified, by dropping all the (useless) stack symbols that will never be popped 

from the configuration Cj 1} as follows : cf '^==$*j-(M 1 )^/' Wl i ' ' ' ' ^ 2 ) = ^T(.M[i j) c 2 w ith 

c 2 G C^'^. This computation p2 represents our lasso computation since from the configu- 
ration c' 2 we can repeat the sequence of transitions t\Ti while visiting the same states (and 
in particular the state qf). 

The existence of a such lasso is expressed by the second item of Theorem 16.11 while 
the existence of a stem computation from the starting configuration c to the configuration 
Cj 1 G c\ q ' n ^ is stated by the first item of Theorem 16.11 

Then, the solution of the repeated state reachability problem is formally based on the 
following fact: 

Theorem 6.1. Let c be a configuration of M and qj be a state of M. There is an infinite 
run starting from c that visits infinitely often the state qf if and only if there are i G [l,n], 
q G Q, and 7 G T such that: 

(1) cePre^iC^), and 

(2) c^ G HM M) (iSlM M )ri M) ) n (i«f} X (Stack(M)T)). 

Proof. (=>) : Let p = cotoC\tiC2t2 ■ ■ ■ be an infinite computation of T(M) starting from the 
configuration cq = c of Ai. For every j G N, Cj is a configuration of M and tj is a transition 

of A4 such that Cj —^f{M) c j+i (recall that X = A). Let i G [1,71] be the maximal index 
such that for every j G N, there is kj > j such that t^ . is a pop transition over the i th stack 
of M. This implies that c kj is in Q x ({_L})* -1 x ((T \ {_!_})* • Stack(M)) x (StackiM)) 17 ^ 
(i.e., the first (i — l)-stacks are empty) since t^ is a pop transition from the i th stack of A4. 

From the definition of i, there is r G N such that for every h > r, there is dh G [1, i] 
such that the transition th is a pop transition over the stack dh of A4 (i.e., the transition 
th is not a pop transition from the stack from (n — i + 1) to n). This implies that for every 

h>r,we have c ft T(M [1A ) c h+i- 

Then, we construct a sequence ir = Cj Cj 1 Cj 2 • • • of configurations of M. as follows: Cj 
is the first configuration of p such that jo > r and tj is a pop transition over the i^-stack 
of M, for every i > 0, Cj £ is the first configuration of p such that > ji-i and is a pop 
transition over the z-stack of M. Recall that, by definition, we have for every I G N, Cj l is 
in Q x ({J.})*" 1 x ((r \ {_L})* • Stack{M)) x (StackiM)) 71 ^ (i.e., the first (» - 1) stacks are 
empty) . 

Now, for every I > 0, let it"' be the suffix of it starting at c,- p and let rrfi' be the 
minimal length of the configurations of ir^ , where the length of a configuration is defined 
as the length of its i th stack. 
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Construct a subsequence ir' = c ZQ c Zl c Z2 ■ ■ ■ of ir as follows: c 2o is the first configuration 
of ir of length m^; for every I > 0, c Zl is the first configuration of tt^ Zi - 1+1 ^ of length 

m (zi_i+l)_ 

Since the number of states and stack symbols is finite, there exists a subsequence 
7T " = Cx Cx 1 Cx2 ■ ■ ■ of 7r' whose elements have all the same state q, and the same symbol 7 
on the top of the i th stack. Observe that c XQ ,c Xl ,c X2 , . . . are in cj . 

Since p is an accepting run, there is an index b > 1 and a configuration c g/ with state 
qj such that: 

I" t' I T" 

C => T(A1) c ^'o ==> T(A1) C| 2/ = ' > T(A4) c x b 

Since Co = c and £ Cj- 9,7 ^, we have c G Pre^^(C7- 9 ' 7 ^), and so (1) holds. 
Due to the definition of 7r (and so, 7r' and ir"), we have 

t' -|- r" * 

Ca;o ^r(M [ i.i]) c 9/^ > r(M [1 , i] ) c ^ 

Since c XQ G Q x ({l})' -1 x ((T \ {±})* • Stack(M)) x (5tacfc(7W)) n -% then there are 
Wi, Wi+x, ■ ■ ■ ,w n 6 Stack(Ai) such that c XQ = (</, _L, . . . , _L, 710$, tuj+i, . . . , u> n ). Due to the 
definition of the subsequence ir' and ir" all the configurations of p between c xo and c Xi) have 
a content of the Z-th stack (with i < I < k) of the form lojiuz. In particular, the configuration 
c q . is of the form {qj,u\, . . . , Ujitfj, Uj + iU) i+1 , . . . , u n w n ) and the configuration is of 
the form (g, _L, . . . , _L, jViWi, Vi+xWi+x, . . . , v n w n ). This implies: 



>7) 



(g, _L, . . . , _L, 7, _L, . . . , _L)^+ (A1[i Jq f , u 1 ,..., Ui-x,Ui,u i+ x, ■ ■ ■ , u n ) 



and 

(qf, ui,..., Ui-i,Ui,u i+ i,. . . , u n )=^ r(iM[i ^ (g, _L, . . . , _L, jVi,v i+1 , ...,«„) 

Consequently, (2) holds, which concludes the proof. 

(<^=) : We can use (1) and (2) of Theorem 16.11 to construct a run starting from c that visits 
infinitely often the state qj. □ 

Since the sets of configurations C^ 9 ' 7 ^ and ({<?/} x (Stack(M)) n ) are recognizable, we can 

use Theorem 15.61 and Theorem 15.71 to construct .M-automata recognizing Pre^^ M ^(C\ q ^) 

and Pre^-^ M ^ ^(Pre^-^ M ^ . ] )(C'^ 9 ' 7 ' 1 ) n ({g} x (5 , tacfc(A4)) n )) . Hence, we can construct a 

.M-automaton that recognizes the set of all configurations c of M. such that there is an 
infinite run of T(M) starting from c that visits infinitely often the state qf. 

Theorem 6.2. Let M = (n, Q, E, T, A, g , 70, F) be an OMPA and qj € Q be a state. Then, 
it is possible to construct, in time 0((\M\) 2 ) where d is a constant, an M-automaton A 
such that \A\ = 0((|.A4|) 2dn ) and for every configuration c E Conf(M), c € L_m(A) if and 
only if there is an infinite run ofT(M) starting from c that visits qf infinitely often. 



Proof. We know from Theorem 16.11 that there is an infinite run of T{M) starting 

S T(M)( 



from c that visits qj infinitely often if and only if c € Pre^-/^(C| 9 '^), and cf'" 1 ^ G 
Pre+ APre* T , M . )(C- 9 ' 7) ) n ({g/} x (Stack (M)) n )) . (Observe that it is possible to 
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construct an .M-automaton representing the set c\ q ^ and which size is linear in the size 
olM.) 

Then, for every index i S [l,n], state q G Q and stack symbol 7 € T, we construct 
an .M-automaton A^f' 1 '^ recognizing the set Pre*j^^ .^{Ci 9 '" 1 ^) and such that l^ 9 ' 1 ' 7 ^ | = 

0{{\M\) 2 ) where d! is a constant. From Theorem 15.61 we know that such an automaton 
can be constructed in time 0((|.M|) 2 ). 

Now, we can construct an .M-automaton A^' 1 '" 1 ^ recognizing precisely the set 
(Pre* nM[ii]) (C^ y ) n {{q f } x (Stack{M)) n )) and such that \A { f ia) \ = 0{{\M\) 2d ' n ). Ob- 
serve that A^ 1 ^ can be constructed in time 0((|At|) 2d ") from the .M-automaton A^' 1 '^. 

We can apply Theorem 15.71 to M. and A^' 1 ^ to show that we can construct an A4- 
automaton A^ m) recognizing Pre+ (M j ^{Pre^ M i] )( c 'i 9,7) ) n ({9/} x {Stack(M)) n )) and 

such that \A$ M) \ = 0{{\M\) 2i " n ) for some constant d" > d! . Moreover, such an A4- 
automaton A^' 1 '^ can be constructed in time 0((|.M|) 2 ' i "). Then, checking whether cf^ 
is in Lm(A^' 1 ' 1 ' > ) can be performed in time polynomial in \A^' % | |HU79| . 

If cf^" 1 is not in Lj V [{A^' % '^) then let A^ q ' 1 '^ be the .M-automaton recognizing the 
empty set (i.e., L M {A { - q ' i ' 1 ">) = 0). Otherwise let A^'^ be the .M-automaton recognizing 
the set Pre* nM) {c\ qa) ) and such that ^(^l = 0{{\M\) 2d ' n ). From Theorem [5^1 we 

know that such an automaton can be constructed in time 0((|.M|) 2 ). 

By taking d as big as needed, we can construct, in time 0((| A4 |) 2dn ) where d is a 
constant, the .M-automaton A such that \A\ = 0((|.M|) 2 ) and for every configuration 
c € Conf(M), c G L_m{A) if and only if there is an infinite run of T(M) starting from c 
that visits qj infinitely often. The .M-automaton A4 is just the union of all the .M-automata 



6.2. it;-regular properties. In the following, we assume that the reader is familiar with 
^-regular properties expressed in the linear-time temporal logics |Pnu77| or the linear time 
/^-calculus |Var88j . For more details, the reader is referred to |Pnu77[ IV W86[ IVar88[ IVar95 . 

Let (p be an ^-regular formula built from a set of atomic propositions Prop, and let M. = 
(n,Q,S,r,A,g ,7o,P) be an OMPA with a labeling function A : Q -> 2 Pr °P associating 
to each state q G Q the set of atomic propositions that are true in it. Afterwards, we are 
interested in solving the global model checking problem which consists in computing the set 
of all configurations c of A4 such that every infinite run starting from c satisfies (p. 

To solve this problem, we adopt an approach similar to [BM961 BEM97J and we 
construct a Buchi automaton B-,^ over the alphabet 2 Prop accepting the negation of (p 
[VW861 IVar95] . Then, we compute the product of the OMPA M and of the Biichi au- 
tomaton B^tp to obtain an ra-OMPA ,M-,« with a set of repeating states G. Now, it is easy 
to see that the original problem can be reduced to the repeated state reachability problem 
which compute the set of all configurations c such that there is an infinite run of T{M) 
starting from c that visits infinitely often a state in G. Hence, as an immediate consequence 
of Theorem 16.21 we obtain: 
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Theorem 6.3. Let A4 = (n,Q,'E,T,A,qo, r Yo,F) be an OMPA with a labeling function A, 
and let if be a linear time \x- calculus formula or linear time temporal formula. Then, it is 
possible to construct, in time 0((2^ ■ \A4\) 2 ™) where d is a constant, an A4-automaton A 
such that \A\ = 0((2^ ■ |.M|) 2 ™) and for every configuration c £ Conf(Ad), c € Lj^i{A) if 
and only if there is an infinite run ofT(M) starting from c does not satisfy (p. 

Proof. It is well known that it is possible to construct, in time exponential in \<p\, a Biichi au- 
tomaton for the negation of ip having exponential size in \ip\ |VW8 6 , Var88j. Therefore, 
the product of M and B^ v has polynomial size in and exponential size in \<p\. Applying 
Theorem [62] to the n-OMPA (the product of M and B^) of size 0(2,M ■ \M\) we 

obtain our complexity result. □ 

Observe that we can also construct an .M-automaton A' such that for every configu- 
ration c G Conf{M), c £ Lm(A) if and only if every infinite run of T(M) starting from c 
that satisfies (p since the class of .M-automata is closed under boolean operations. 

We are now ready to establish our result about the model checking problem for w- 
regular properties which consists in checking whether, for a given configuration c of the 
OMPS, every infinite run starting from c satisfies the formula cp. 

Theorem 6.4. The model checking problem for the linear-time temporal logics or the linear- 
time fi-calculus and OMPA is 2ETIME-complete. 

Proof. The 2ETIME upper bound is established by Theorem 16.31 To prove hardness, we 
use the fact that the emptiness problem for ordered multi-pushdown automata is 2ETIME- 
complete [ABH08] . □ 



7. Conclusion 

We have shown that the set of all predecessors of a recognizable set of configurations of an 
ordered multi-pushdown automaton is an effectively constructible recognizable set. We have 
also proved that the set of all configurations of an ordered multi-pushdown automaton that 
satisfy a given w-regular property is effectively recognizable. From these results we have 
derived an 2ETIME upper bound for the model checking problem of w-regular properties. 

It may be interesting to see if our approach can be extended to solve the global model- 
checking problem for branching time properties expressed in CTL or CTL* by adapting the 
constructions given in [BEM97, FWW97] for standard pushdown automata. 
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